GitBook: [master] one page and one asset modified

2024-11-25 14:10:41 +00:00 · 2021-04-28 17:45:30 +00:00 · 2021-04-28 17:45:30 +00:00 · 89dbdd726a
commit 89dbdd726a
parent 458bc4a407
2 changed files with 40 additions and 0 deletions
--- a/.gitbook/assets/image
+++ b/.gitbook/assets/image
--- a/pentesting/pentesting-kubernetes/enumeration-from-a-pod.md
+++ b/pentesting/pentesting-kubernetes/enumeration-from-a-pod.md
@ -229,3 +229,43 @@ https://<Kubernetes_API_IP>:<port>/apis/extensions/v1beta1/namespaces/default/da
 {% page-ref page="../../linux-unix/privilege-escalation/docker-breakout.md" %}
 ## Search vulnerable network services
 As you are inside the Kubernetes environment, if you cannot escalate privileges abusing the current pods privileges and you cannot escape from the container, you should **search potential vulnerable services.**
 ### Services
 **For this purpose, you can try to get all the services of the kubernetes environment:**
 ```text
 kubectl get svc –all-namespaces
 ```
 ![](../../.gitbook/assets/image%20%28471%29.png)
 ### Scanning
 The following Bash script \(taken from a [Kubernetes workshop](https://github.com/calinah/learn-by-hacking-kccn/blob/master/k8s_cheatsheet.md)\) will install and scan the IP ranges of the kubernetes cluster:
 ```bash
 sudo apt-get update
 sudo apt-get install nmap
 nmap-kube () 
 { 
 nmap --open -T4 -A -v -Pn -p 443,2379,8080,9090,9100,9093,4001,6782-6784,6443,8443,9099,10250,10255,10256 "${@}"
 }
 nmap-kube-discover () {
 local LOCAL_RANGE=$(ip a | awk '/eth0$/{print $2}' | sed 's,[0-9][0-9]*/.*,*,');                                                                  
 local SERVER_RANGES=" ";
 SERVER_RANGES+="10.0.0.1 ";
 SERVER_RANGES+="10.0.1.* ";
 SERVER_RANGES+="10.*.0-1.* ";
 nmap-kube ${SERVER_RANGES} "${LOCAL_RANGE}"
 }
 nmap-kube-discover
 ```
 ## References
 {% embed url="https://www.cyberark.com/resources/threat-research-blog/kubernetes-pentest-methodology-part-3" %}